scanelf: improve shdr string overflow check more
Rather than operate on the result of the pointers (which might have
overflowed due to the offset being huge), check the offset directly
against the size of the file like we do elsewhere in scanelf.

rewrite which() so that it works and does not break $PATH
we were walking the $PATH in reverse which it should have been forwards. we were also modifying the pointer we got back from getenv() which meant any time we ran external code, $PATH would be truncated. finally, we never actually checked the first element -- we would bail before we got a chance.

move array_cnt check into array_for_each init
atm, if you try to use array_for_each or array_flatten_str on an array that has no members, you will get a segfault. this is an easy rule to forget (and the current code does just that in at least one place), so move the array_cnt check into the init phase. theres negligible code size impact so it should not be a big deal.

scanelf: flag object files that have a +x stack (even if it is -w) since its almost assured the final ELF will add +w automatically
this makes a difference too -- see bug 445962 where dvdauthor produced a mpeg2desc.o that had a +x w/gcc-4.8 and a nested function, but the output only flagged the final mpeg2desc binary as that included +w stack markings

scanelf/pspax: drop PT_LOAD counts since more than "normal" is not a bug and is semi-common with some targets, and the warning has out lived its usefulness -- it was added as an initial sanity check to get a feel for the real world

Rewrite symbol matching code in scanelf.
The previous code was entirely broken when trying to match symbols in
unstripped binaries when giving multiple symbols as target.
The new code differs from the old one in quite a few ways:
- debug output when -g option is passed is disabled in the code
(hacky, but still better than before!);
- regular expression matching is actually used when -g option is
passed;
- by default, the symbol name is tested against the symbol name
without version; no-version symbol name matching is possible by
using the -g option and adding a final $;
- multiple symbols and single symbols are handled in the same way so
that there is no more difference between them;
- the returned symbol name is the actual symbol name as found in the
file, so includes the version when the file is not stripped.
While this means that there are some minimal differences between the
previous code, it's arguable that this code is less buggy and more
consistent than the one before.

Process QA_TEXTRELS and QA_EXECSTACK, whitespace-separated lists of
${D}-relative exemptions from textrel and executable stack (i.e. PF_X on
PT_GNU_STACK) checks, so portage can hand this off to scanelf (bug #131779)

- Make -E take strings vs just numerics. Fixed off by one in ld.so.conf include file handling(Reported by PaX autho.r). Made sure we only set ei pax flags when etype is ET_EXEC || ET_DYN. Updated README, man page

This form allows you to request diffs between any two revisions of this file.
For each of the two "sides" of the diff,
select a symbolic revision name using the selection box, or choose
'Use Text Field' and enter a numeric revision.